In a surprising new twist in the notorious SolarWinds attack series, it turns out Russian hackers, having infiltrated US government computer networks last year, started to deliberately target DHS threat hunters and possibly compromised their emails. Thus, senior security staff, whose job would be to track down the hackers once the breach was detected, got tracked down themselves.
During the months when the attacks were ongoing and US officials were still unaware of the breach, the Russian hackers identified several top cybersecurity officials and analysts and attacked their email accounts, according to CNN's sources.
It is unknown whether any of those accounts were compromised. But the fact that the hackers managed to work out which DHS cybersecurity experts to hunt shows Russia's deep understanding of US cyber defenses.
“It appears as if the Russian SolarWinds hackers possess granular information on personnel and who among them is likely to be involved in investigating the SolarWinds hack,” said Cedric Leighton, a former NSA official. “This could mean that networks have been penetrated to a degree we’ve not known before. If that’s true, we need a complete housecleaning of all our defensive cyberoperations.”
The news that hackers targeted top DHS threat hunters is another sign that the SolarWinds attack was one of the most sophisticated cyberoperations ever conducted against the United States.
Security experts told CNN that, had the email hacks succeeded, the hackers could have monitored in real time every action US officials took once the attacks were discovered and adjusted their own strategy accordingly. That could have helped the Russian hackers remain undetected for as long as they did.
“What this does is it shows a level of sophistication in terms of targeting those who are working actively to prevent the attacks from either occurring or expanding. And so that is different than what you’re seeing in past cyberattacks,” Chris Cummiskey, a former acting DHS undersecretary, told CNN.
Sources told CNN that, in addition to top cyber officials at the agency, the hackers also targeted other lower-level threat hunters.
About 30 DHS email accounts were infiltrated in the SolarWinds breach. Among them were those of former acting secretary Chad Wolf and former DHS Chief Information Officer Karen Evans. CyberIntelMag reported in its March 30 news release that suspected Russian hackers had hacked Wolf’s account.